General
- Target: a2ecea288c6585f8c9d92d206781d1db7354db86ba8d5edfee14862d55f76d41
- Size: 266KB
- Sample: 220605-nxzqcaedak
- MD5: 573b4d1509a8e28f3c823538332f9cd1
- SHA1: 1cbc4336f626fb0faa85d0309e8338b4ad5b0adb
- SHA256: a2ecea288c6585f8c9d92d206781d1db7354db86ba8d5edfee14862d55f76d41
- SHA512: 2b69ee51d626bd2ae09f02e29793428648c818549afe5a034e62f06f8d7920f062d4914cc4876b8d89bd36ada7cacf10ea577e42e7d213dbc934ee198385a3b7
Static task
- static1

Malware Config
- Extracted: tofsee
  - svartalfheim.top
  - jotunheim.name
Targets
- Target: a2ecea288c6585f8c9d92d206781d1db7354db86ba8d5edfee14862d55f76d41 (same file as listed under General above)
- XMRig Miner Payload
- Creates new service(s)
- Executes dropped EXE
- Modifies Windows Firewall
- Sets service image path in registry
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Drops file in System32 directory
- Suspicious use of SetThreadContext